<?php
namespace Home\Controller;
use Think\Controller;

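class SaveresetpwdController extends BaseController
{
    /**
     * Password reset by SMS verification code.
     *
     * Request inputs (from $_REQUEST): mobile, mobile_code, user_pwd,
     * user_pwd_confirm. Every validation failure now ends the request before
     * the database is touched; previously the error was only recorded in
     * $root and the flow still fell through to the lookup and the UPDATE.
     * The verification code must be non-empty: a successful reset clears
     * bind_verify to '', so an empty code would otherwise match any account
     * whose code has already been consumed.
     *
     * On POST the result is echoed as JSON and the script exits; otherwise
     * the template is rendered with $data = $root.
     */
    function index()
    {
        $mobile = $this->readParam('mobile');
        $verify = $this->readParam('mobile_code');
        $user_pwd = $this->readParam('user_pwd');
        $user_pwd_confirm = $this->readParam('user_pwd_confirm');

        $root = get_baseroot();
        $root['program_title'] = "修改密码";

        $error = $this->validateInput($mobile, $verify, $user_pwd, $user_pwd_confirm);
        if ($error !== null) {
            $root['response_code'] = 0;
            $root['show_err'] = $error;
            $this->sendResponse($root);
            return;
        }

        // The db wrapper used here exposes no prepared-statement API in this file, so
        // the query is still assembled from the addslashes()-escaped inputs.
        // NOTE(review): switch to bound parameters if the wrapper supports them.
        $sql = "select id,code from " . DB_PREFIX . "user where mobile_encrypt = AES_ENCRYPT('" . $mobile . "','" . AES_DECRYPT_KEY . "') and bind_verify = '" . $verify . "' and is_delete = 0";
        $user_info = $GLOBALS['db']->getRow($sql);
        $user_id = isset($user_info['id']) ? intval($user_info['id']) : 0;

        if ($user_id == 0) {
            // No account matches this mobile/code pair.
            $root['response_code'] = 0;
            $root['show_err'] = $GLOBALS['lang']['BIND_MOBILE_VERIFY_ERROR'];
            $this->sendResponse($root);
            return;
        }

        // Hash formula kept as md5(password . code): the login path presumably
        // verifies against the same scheme — confirm before moving to password_hash().
        $new_pwd = md5($user_pwd . $user_info['code']);

        // Clearing bind_verify consumes the code so it cannot be replayed.
        $sql = "update " . DB_PREFIX . "user set user_pwd='" . $new_pwd . "', bind_verify = '', verify_create_time = 0 where id = " . $user_id;
        $GLOBALS['db']->query($sql);

        $root['response_code'] = 1;
        $root['show_err'] = "密码更新成功!";
        // The executed SQL (it contains the new password hash) is deliberately not
        // copied into the response, and the extra output($root) call before the
        // JSON echo is dropped so the result is emitted exactly once.
        $this->sendResponse($root);
    }

    /**
     * Reads one request parameter with the normalisation the original applied
     * (trim, htmlspecialchars, addslashes). A missing key yields '' instead of
     * an undefined-index notice.
     *
     * @param string $name request key
     * @return string
     */
    private function readParam($name)
    {
        $raw = isset($_REQUEST[$name]) ? $_REQUEST[$name] : '';
        return addslashes(htmlspecialchars(trim($raw)));
    }

    /**
     * Checks the reset inputs and returns the first applicable error message,
     * or null when everything passes. Strict comparisons are used so that
     * values such as '0' are not mistaken for "empty".
     *
     * @return string|null
     */
    private function validateInput($mobile, $verify, $user_pwd, $user_pwd_confirm)
    {
        if ($mobile === '') {
            return $GLOBALS['lang']['MOBILE_EMPTY_TIP'];
        }
        if (!check_mobile($mobile)) {
            return $GLOBALS['lang']['FILL_CORRECT_MOBILE_PHONE'];
        }
        if ($verify === '') {
            return $GLOBALS['lang']['BIND_MOBILE_VERIFY_ERROR'];
        }
        if ($user_pwd === '') {
            return $GLOBALS['lang']['USER_PWD_ERROR'];
        }
        if ($user_pwd !== $user_pwd_confirm) {
            return $GLOBALS['lang']['USER_PWD_CONFIRM_ERROR'];
        }
        return null;
    }

    /**
     * Emits $root: JSON followed by exit for POST requests, otherwise the
     * rendered template with the navigation fields the view expects.
     *
     * @param array $root response payload
     */
    private function sendResponse(array $root)
    {
        if ($_POST) {
            echo json_encode($root);
            exit;
        }
        $root['act'] = CONTROLLER_NAME;
        $root['hide_back'] = 1;
        $root['is_login'] = $this->check_is_login();
        $this->assign('data', $root);
        $this->display();
    }
}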
?>